Differential D15168 Diff 36845 src/applications/conpherence/controller/ConpherenceUpdateController.php
Changeset View
Changeset View
Standalone View
Standalone View
src/applications/conpherence/controller/ConpherenceUpdateController.php
Show All 10 Lines | public function handleRequest(AphrontRequest $request) { | ||||
} | } | ||||
$need_participants = false; | $need_participants = false; | ||||
$needed_capabilities = array(PhabricatorPolicyCapability::CAN_VIEW); | $needed_capabilities = array(PhabricatorPolicyCapability::CAN_VIEW); | ||||
$action = $request->getStr('action', ConpherenceUpdateActions::METADATA); | $action = $request->getStr('action', ConpherenceUpdateActions::METADATA); | ||||
switch ($action) { | switch ($action) { | ||||
case ConpherenceUpdateActions::REMOVE_PERSON: | case ConpherenceUpdateActions::REMOVE_PERSON: | ||||
$person_phid = $request->getStr('remove_person'); | $person_phid = $request->getStr('remove_person'); | ||||
if ($person_phid != $user->getPHID()) { | // This condition and one below enforces the remove_person to be | ||||
// same as the acting_person. | |||||
// By default all we need is to check whether the acting_person | |||||
// can edit the room or not. | |||||
// if ($person_phid != $user->getPHID()) { | |||||
$needed_capabilities[] = PhabricatorPolicyCapability::CAN_EDIT; | $needed_capabilities[] = PhabricatorPolicyCapability::CAN_EDIT; | ||||
} | // } | ||||
break; | break; | ||||
case ConpherenceUpdateActions::ADD_PERSON: | case ConpherenceUpdateActions::ADD_PERSON: | ||||
case ConpherenceUpdateActions::METADATA: | case ConpherenceUpdateActions::METADATA: | ||||
$needed_capabilities[] = PhabricatorPolicyCapability::CAN_EDIT; | $needed_capabilities[] = PhabricatorPolicyCapability::CAN_EDIT; | ||||
break; | break; | ||||
case ConpherenceUpdateActions::JOIN_ROOM: | case ConpherenceUpdateActions::JOIN_ROOM: | ||||
$needed_capabilities[] = PhabricatorPolicyCapability::CAN_JOIN; | $needed_capabilities[] = PhabricatorPolicyCapability::CAN_JOIN; | ||||
break; | break; | ||||
▲ Show 20 Lines • Show All 76 Lines • ▼ Show 20 Lines | if ($request->isFormPost() || ($action == ConpherenceUpdateActions::LOAD)) { | ||||
} | } | ||||
break; | break; | ||||
case ConpherenceUpdateActions::REMOVE_PERSON: | case ConpherenceUpdateActions::REMOVE_PERSON: | ||||
if (!$request->isContinueRequest()) { | if (!$request->isContinueRequest()) { | ||||
// do nothing; we'll display a confirmation dialogue instead | // do nothing; we'll display a confirmation dialogue instead | ||||
break; | break; | ||||
} | } | ||||
$person_phid = $request->getStr('remove_person'); | $person_phid = $request->getStr('remove_person'); | ||||
if ($person_phid && $person_phid == $user->getPHID()) { | // Even though we are no longer checking for the user to be himself, | ||||
// it is still necessary for the phid of the user to be specified | |||||
if ($person_phid) { | |||||
// if ($person_phid && $person_phid == $user->getPHID()) { | |||||
$xactions[] = id(new ConpherenceTransaction()) | $xactions[] = id(new ConpherenceTransaction()) | ||||
->setTransactionType( | ->setTransactionType( | ||||
ConpherenceTransaction::TYPE_PARTICIPANTS) | ConpherenceTransaction::TYPE_PARTICIPANTS) | ||||
->setNewValue(array('-' => array($person_phid))); | ->setNewValue(array('-' => array($person_phid))); | ||||
$response_mode = 'go-home'; | $response_mode = 'go-home'; | ||||
} | } | ||||
break; | break; | ||||
case ConpherenceUpdateActions::NOTIFICATIONS: | case ConpherenceUpdateActions::NOTIFICATIONS: | ||||
▲ Show 20 Lines • Show All 437 Lines • Show Last 20 Lines |